Right-reading (adj): Having the proper orientation (used in printing)


Tom Christensen
("xensen") . tom [at] rightreading.com
 

Take care with cookies

At the Black Hat conference in Las Vegas, it was demonstrated how login data can be stolen through cookie exchange when using Wi-Fi hotspots.

UPDATE: See the comments to this post for more.

Comments

Comment from Robert
Time: August 4, 2007, 2:19 pm

The problem here is that cookies were being passed unencrypted from the browser to the site. This is nearly as bad as passing the login and password itself in an unencrypted fashion. So, furiously pressing “delete cookies” won’t really help here. Better to realize no site is perfect which means some good tips are:

1) Don’t use untrusted networks (the hackers in this case were privy to all the data on the network because they had hacked a router or other device that transmits all the network information up to the internet).

2) Use different passwords for different sites, and change them periodically

3) Only log into web sites that use https as the protocol

I hate it when some black hat makes a finding and then makes it sound like they’ll soon be taking over the world because they’ve discovered a problem with some technology that the general public has heard about (e.g. “cookies”). The truth is, most big sites are aware of these kinds of things - they just happened to catch Gmail doing something stupid in this instance (passing an unencrypted authentication cookie).
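Added example (not part of the original post or the comment above): a Python check that a site operator could run over a response's `Set-Cookie` headers to find cookies a browser would send unencrypted, which is the condition the comment describes. The URL, cookie names and header values are constructed for illustration.

```python
"""Flag cookies that can cross the network unencrypted (no Secure attribute)."""
from urllib.parse import urlsplit


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookies(response_url, set_cookie_headers):
    """Return {cookie_name: [findings]} for cookies a network listener could read."""
    scheme = urlsplit(response_url).scheme.lower()
    report = {}
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        findings = []
        if scheme != "https":
            findings.append("set over plaintext HTTP; visible at issue time")
        if "secure" not in attrs:
            findings.append("no Secure attribute; sent on any http:// request")
        if findings:
            report[name] = findings
    return report


# Constructed sample headers (not captured from any real site).
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; Domain=example.test",
    "AUTH=def456; Path=/; Secure; HttpOnly; SameSite=Lax",
    "PREFS=lang-en; Path=/; secure",
]

if __name__ == "__main__":
    url = "https://mail.example.test/login"  # constructed URL
    for cookie, issues in audit_cookies(url, SAMPLE_HEADERS).items():
        print(cookie, "->", "; ".join(issues))
```

Even when the login page itself is served over https, the first sample cookie is flagged: without `Secure`, the browser attaches it to any later http:// request to the same host.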
